[..]Here's a patch I'm adding to vpopmail to fall back to using a non-MD5 salt if the host's crypt() doesn't handle MD5.+ if (tmpstr[2] != '$') {
I know less than nothing about C, but shouldnt that be: 'if (tmpstr[0] ==
'$') {' ?
In an MD5-encrypted password, the salt will start with $1$. If you push that salt into a DES-encrypted password, it will only use the first two characters (and the third will become something other than $).
So, the test tells you that what you thought would be an MD5-encrypted password was actually DES-encrypted.
A compile-time test is a good idea though -- I'll try to add it as a Feature Request on SourceForge so we don't forget about it. If you have a SF account, feel free to make the request yourself.
-- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
